RE: Applying Group Policies to selective OUs...

["Nick Duda" <nduda () VistaPrint com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I agree, and not to knock on anyones type of method, but that method can get very ugly and unmanageable when having 
lots of GPO's.

Additionally, you can create security groups for GPO's. It does work, and works well, but it should be should in the 
rarest of occasions.

- - Nick

- -----Original Message-----
From: Raoul Armfield [mailto:armfield () amnh org] 
Sent: Thursday, December 29, 2005 2:05 PM
To: Jim Gaudet
Cc: security-basics () securityfocus com
Subject: Re: Applying Group Policies to selective OUs...

Jim Gaudet wrote:
> The user object, or computer object have to live in the OU. I found it
> easier to just create a security group, instead of an OU. Then put the
> members in the group, either user of computer. Then on the GPO, remove
> the Authenticated Users group, and replace with the security group you
> just created. 
>
> Now the GPO will only be applied to this group.

That is funny, having tested this I found that this does not work.  You 
can not apply GPO to security groups or even if you could it becomes an 
administrative nightmare.  The whole point of OUs is to divide your 
organization into Organizational Units that you can apply policies to. 
What if someone needs to be part of an security group but does not need 
to have a certain policy applied to them or vice versa?


Raoul



- -- 
Raoul Armfield
rarmfield at amnh dot org

- ---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 

http://www.msia.norwich.edu/secfocus
- ----------------------------------------------------------------------------



-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.2 (Build 2424)

iQA/AwUBQ7q2sVPWeke/vskjEQImXQCgo9ODXjFGy4yXa8s/W1j/kvH4aN4An0yU
pLhA74wBo+u2z8pWgxHFEiqk
=TqDx
-----END PGP SIGNATURE-----

Confidentiality note:
The information in this email and any attachment may contain confidential and proprietary information of VistaPrint 
and/or its affiliates and may be privileged or otherwise protected from disclosure. If you are not the intended 
recipient, you are hereby notified that any review, reliance or distribution by others or forwarding without express 
permission is strictly prohibited and may cause liability. In case you have received this message due to an error in 
transmission, please notify the sender immediately and to delete this email and any attachment from your system.